SUMMARY: In October 2023, Gmail and Yahoo! announced new email authentication requirements that began to be enforced in February 2024. These include SPF and DKIM authentication, valid forward and reverse DNS records, maintaining spam complaint rates below 0.3%, compliance with RFC 5322 standards, and ensuring DMARC alignment. Gmail and Yahoo! also mandate sending emails over a secure TLS connection. These measures aim to enhance email security and reduce spam, affecting senders with over 5,000 daily messages.
In October 2023 Gmail and Yahoo! introduced a new set of requirements senders must meet by February 2024. Although many of the requirements that are mentioned have been industry best practices, Google and Yahoo! will enforce these practices as of February 1, 2024. You can read the official announcements here:
Google Announcement: Gmail introduces new requirements to fight spam (blog.google)
Yahoo! Announcement: Postmaster @ Yahoo & AOL — More Secure, Less Spam: Enforcing Email Standards... (yahooinc.com)
List of requirements and the impact to Guestfolio CRM customers
FROM Email Address Domains should be set up with SPF and DKIM Authentication
Email authentication protocols such as SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) are crucial for ensuring the security and integrity of email communications. SPF helps verify the authenticity of the sender's domain, reducing the likelihood of email spoofing and phishing attacks. SPF allows you to list all the IP addresses that are authorized to send mail on behalf of your domain. DKIM adds a digital signature to emails, providing recipients with a way to verify that the message hasn't been tampered with during transit.
The Cendyn team provided SPF records to incorporate into the DNS domain configuration at the time of your implementation. Before these announcements by Google and Yahoo!, SPF was a required core minimum. With these new industry changes and a push for DKIM alignment, Guestfolio CRM email sending domains will require additional DNS records to be fully authenticated.
Although Guestfolio CRM allows hotels the flexibility to type in any FROM address when creating a campaign (transactional or marketing), it is crucial that users only use a fully authenticated domain for the FROM name. Failure to send from an authenticated domain may result in delivery issues. Submit a ticket to the Cendyn Support Team for assistance with this issue.
Sending domains/IPs have valid forward and reverse DNS Records (AKA – PTR Records)
Reverse DNS (Domain Name System) plays a crucial role in email authentication by verifying that the IP address associated with an email server resolves back to a legitimate and correctly configured domain name. This process helps prevent email spoofing and enhances the overall security of email communications.
Reverse DNS is established during the implementation process for all hotels, whether they use a shared or dedicated IP.
Abuse Complaint/Spam Complaint Rates below 0.3%
Calculating the spam complaint rate in email marketing involves measuring the number of recipients who mark a sender's emails as spam relative to the total number of delivered emails. A low spam complaint rate is indicative of a well-targeted and engaging email campaign, while a high rate may signal issues with content, frequency, or overall sender reputation.
Google and Yahoo!’s new rules require senders to maintain a Spam Complaint Rate below 0.3%. As a Guestfolio CRM dedicated domain customer, you can set up your own Google Postmaster account to monitor your Google Spam Complaints. Google Postmaster offers valuable information regarding domain and IP reputation for Google and provides a Google Spam Complaint Rate. Read about the advantages of Google Postmaster in our Cendyn Library.
Format messages according to the Internet Message Format standard (RFC 5322)
RFC 5322 is a standard that defines the syntax and structure of email messages on the Internet, specifying the format for headers, message bodies, and addresses. It outlines the rules for creating and interpreting email messages, ensuring consistency and interoperability across various email systems and clients.
Don’t impersonate Gmail FROM: headers
This requirement says that a sender should not impersonate a Gmail FROM: header. For example, don’t send campaigns using an @gmail.com address, e.g., LuxuryHotel@gmail.com. You must be very careful to use a FROM address that has proper authentication.
Gmail will begin to utilize a DMARC policy of ‘quarantine.’ If you attempt to impersonate a Gmail FROM: header, that will likely impact your campaign delivery rate. We strongly recommend you never send any campaigns from Guestfolio CRM using @gmail.com or @yahoo.com email addresses.
The FROM Domain is required to have DMARC email authentication
DMARC (Domain-based Message Authentication, Reporting & Conformance) ties SPF and DKIM together, offering a comprehensive approach to email authentication that enhances trust and prevents domain impersonation, making it a fundamental defense against email-based cyber threats.
Each DMARC record needs to define a policy, which can be one of three options: none, quarantine, or reject. Gmail’s requirement for DMARC is to set it at p=none; this is the minimum-level policy. A policy of p=none instructs the receiving mailbox provider to take no action on an email that fails an SPF/DKIM check. A domain’s DMARC record can be checked using a free online tool: DMARC Check Tool - Domain Message Authentication Reporting & Conformance Lookup - MxToolBox.
The most secure setting is what’s called DMARC at enforcement, p=reject or p=quarantine. This requires additional work to ensure that this record incorporates all third parties sending on behalf of your domain. Publishing the record incorrectly could cause your mail from these providers to not be delivered. Hotels should work with their IT and DNS teams to establish a setting that is properly configured and monitored.
For direct mail, the domain in the sender's FROM: header must be aligned with either the SPF domain or the DKIM domain
To meet this requirement, the sending domain must pass DMARC alignment. Specifically, the domain included in your FROM: header should match either the SPF or DKIM domain. Alignment verifies that the SPF-authenticated domain and the DKIM signing domain in your email headers correspond with the domain authenticated for your hotel(s).
In simpler terms, the hotel must ensure that the "FROM" address matches the domain authenticated with SPF or DKIM. Again, you must use a domain that is fully authenticated. If you are unsure if your domain is fully authenticated, submit a ticket for the Email Deliverability Team who can confirm. There are several scenarios that can be accepted for alignment. Google has a blog post about the scenarios, including shared domains and shared sub-domains.
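The alignment check and DMARC policy described above, as an added example that is not Cendyn's or Google's code. The sample message, the hotel.example and esp.example domains, and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; hotel.example / esp.example are placeholders.
SAMPLE = """\
Authentication-Results: mx.receiver.example;
 spf=pass smtp.mailfrom=bounce.esp.example;
 dkim=pass header.d=hotel.example
From: Luxury Hotel <stay@news.hotel.example>
Subject: Your stay

Hello
"""

def parse_dmarc(txt):
    """Parse a DMARC TXT record into tags; v=DMARC1 must be the first tag."""
    pairs = [p.strip().split("=", 1) for p in txt.split(";") if "=" in p]
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    if not pairs or pairs[0][0].strip().lower() != "v" or tags["v"] != "DMARC1":
        raise ValueError("not a DMARC record")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= policy")
    return tags

def org_domain(d):
    # Assumption: organizational domain = last two labels. Real evaluators
    # consult the Public Suffix List (needed for suffixes such as .co.uk).
    return ".".join(d.lower().rstrip(".").split(".")[-2:])

def aligned(from_dom, auth_dom, mode):
    if mode == "s":  # strict: domains must match exactly
        return from_dom.lower() == auth_dom.lower()
    return org_domain(from_dom) == org_domain(auth_dom)  # relaxed (default)

def dmarc_result(raw, record):
    # Trust only the Authentication-Results header your own receiver added.
    tags = parse_dmarc(record)
    msg = message_from_string(raw)
    from_dom = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    ar = msg.get("Authentication-Results", "")
    spf = re.search(r"spf=pass\b[^;]*?smtp\.mailfrom=(?:[^\s;@]*@)?([^\s;]+)", ar)
    dkim = re.findall(r"dkim=pass\b[^;]*?header\.d=([^\s;]+)", ar)
    spf_ok = bool(spf) and aligned(from_dom, spf.group(1), tags.get("aspf", "r"))
    dkim_ok = any(aligned(from_dom, d, tags.get("adkim", "r")) for d in dkim)
    return {"from": from_dom, "policy": tags["p"], "spf_aligned": spf_ok,
            "dkim_aligned": dkim_ok, "dmarc_pass": spf_ok or dkim_ok}
```

In the sample, SPF passes for the email service provider's bounce domain but is not aligned, so DMARC passes only through the DKIM signature; a record with adkim=s would make the same message fail.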
Enable one-click unsubscribe and include a clearly visible unsubscribe link in the message body
"List-unsubscribe" is an email header or feature that provides recipients with an easy and standardized way to unsubscribe from an email mailing list. When included in the email header, it typically contains a specific email address or URL that users can reply to or click to opt-out or unsubscribe from future communications. This feature is designed to enhance user experience and compliance with email marketing regulations by providing a straightforward method for recipients to manage their subscription preferences.
Guestfolio emails have a “list unsubscribe” header option enabled.
Use a TLS connection for transmitting email
Using a TLS (Transport Layer Security) connection for transmitting email means that the email communication is secured through encryption. TLS is a protocol that ensures the privacy and integrity of data during transmission over a network, such as the internet. In the context of email, when a TLS connection is employed, the content of the emails and any sensitive information within them are encrypted, making it more difficult for unauthorized parties to intercept or tamper with the data as it travels between the email sender and the recipient. This added layer of security helps protect the confidentiality of email content and sensitive information exchanged during the email transmission process.
Gmail and Yahoo! require that any email sent to them must be transmitted over a secure TLS connection. However, the Guestfolio CRM email service provider takes care of establishing the connection to these inbox providers and ensures that a TLS connection is used. So, you don’t need to be concerned about meeting this requirement.
Most of the above requirements apply to all senders. DMARC record, DMARC alignment, and one-click unsubscribe are new requirements and only apply to senders that send over 5,000 messages a day.